KR20030040427A - Systems and methods for integrity certification and verification of content consumption environments - Google Patents

Abstract

Content providers, such as document publishers and distributors, for example, provide protected content for consumption within a trusted user environment. By providing integrity assurance and verification services, the authenticity of content consumption environments can be verified. The content provider sends to the user a safeguard of the digital content, including, for example, a license agreement and an integrity profile ID. Profiles include, for example, applications and system components, which are allowed to be used in conjunction with protected content. In addition, the content provider initiates a request for an integrity profile. This request for integrity profile is forwarded to the integrity assurance and verification device. The integrity assurance and verification device may, for example, query the content consuming system / application provider providing system components to the user if the integrity profile does not already exist for the requested applications and / or system components. have. The content consuming system / application provider returns with integrity assurance and verification device authentication information for specific applications or system components. The authentication information allows a comparison or integrity verification to be made between the application and / or system components on the user's system and the original application or system in its state distributed by the content consuming system / application provider.

Description

Systems and methods for integrity certification and verification of content consumption environments

One of the most important issues that prevent widespread distribution of digital documents through electronic commerce is the lack of practical protection available to the intellectual property of content owners and providers during the distribution and use of digital documents. Efforts to address these issues include Intellectual Property Rights Management (IPRM), Digital Property Rights Management (DPRM), Intellectual Property Management (IPM), and Digital Rights Management: DRM), Rights Management (RM) and Electronic Copyright Management (ECM).

[0003] Content providers often desire their content to be consumed by guaranteed applications and systems with desired characteristics and / or behaviors. Direct use of the public key infrastructure (PKI) allows application and system providers to vouch for their own products, and content providers can verify the integrity of those applications and systems used to consume their content. Makes it possible.

The present invention relates to integrity assurance and verification. In particular, the present invention relates to integrity certification and verification within a content consumption environment.

The present invention is described in detail with reference to the accompanying drawings, the accompanying drawings are as follows.

1 is a functional overview showing a first embodiment of an integrity assurance and verification system according to the present invention.

2 is a functional block diagram illustrating a first embodiment of the integrity assurance and verification system according to the present invention.

3 is a workflow diagram of an exemplary integrity assurance and verification device in accordance with the present invention.

4 shows an exemplary structure of an integrity profile according to the present invention.

5 shows an exemplary environment stack in accordance with the present invention.

6 shows an exemplary environmental stack in accordance with the present invention.

FIG. 7 shows a workflow of an exemplary environmental stack in accordance with the present invention. FIG.

8 shows an exemplary workflow of a stack according to the present invention.

9 illustratively shows a method of manipulating a stack in accordance with the present invention.

10 illustratively illustrates a method of preventing dynamic tampering through the use of debugging in accordance with the present invention.

FIG. 11 is a flow diagram illustrating an overview of one exemplary embodiment of an integrity assurance and verification method according to the present invention. FIG.

12 is a flow diagram illustrating the outline of one exemplary embodiment of a method of registering applications and / or a system in accordance with the present invention.

[0038] Figure 13 is a flow diagram illustrating the outline of one exemplary embodiment of a method of determining an integrity profile according to the present invention.

[0039] Figure 14 is a flow diagram illustrating an overview of one exemplary embodiment of a method for verifying the integrity of an integrity authenticator in accordance with the present invention.

However, direct use of PKI will create a many-to-many relationship between sellers and providers. This type of relationship is not easy to scale, and it is difficult, if not impossible, to manage that relationship and verify integrity in an efficient and real-time manner.

Content providers often want to have guaranteed content and their content consumed by the system with desired characteristics and behaviors. By controlling these aspects of the content consumption environment, content providers can restrict usage, such as copying, printing, embedding, distribution, and the like.

For example, a content provider may want to protect content from misuse in a manner that requires a system that consumes content to be at some level of safety and rights management capabilities. The content provider may also be able to communicate with any content consuming application on the user's system that any "alien" application, such as a debugger, virus, interception routine, etc., confiscates or otherwise "steals" the content or other sensitive information. You may not want to interact. For example, Attorney Docket No. 111325 000002, entitled "Method and Apparatus for Managing Document Distribution and Using Standard Rendering Engine, and Method and Apparatus for Controlling Standard Rendering Engine", the entire contents of which There is an invention that is incorporated and filed together here, which allows the user to restrict access to a document through the functionality management of the user system.

In order to ensure that given applications and systems have the desired characteristics and behavior, verification of all applications and system components needed to consume content needs to be verified by the verifying application. .

The present invention describes systems and methods that provide assurance and verification for content consumption environments. Within such a system, an integrity assurance and verification device that provides these services is introduced between the content provider and the content consuming system / application provider. This assurance device registers the individual applications and / or systems of each provider and assures the content providers the integrity of these applications and / or systems according to a predetermined choice. Through the use of these services, content providers can "trust" the integrity assurance and verification device. With this trust, the provider establishes a profile of the applications and system sets that are allowed to consume its content, and verifies that the user's applications and system sets are authenticated to the user system according to that profile. .

In particular, the systems and methods of the present invention provide assurance and verification for the integrity of content and consumption environments, such as, for example, documents. Within such systems, integrity assurance and verification devices that provide such services include content providers and content consumption systems, such as personal computers, handheld computers, PDAs, multimedia display devices, DVD players, distributed networks. It is introduced between distributed network enabled phones and application providers that distribute applications such as word processors, document viewers, and multimedia players. The integrity assurance and verification device registers the individual applications and / or systems of the content consuming system / application providers, and assures the content providers the set of such applications and systems. By using such a service, a content provider can select or trust an integrity assurance and verification device, establish a profile of applications and a set of systems that are allowed to consume the content, and according to that profile on the user system You can verify your system that your applications and systems are authenticated. In this way, the degree of access or control of the content requested or submitted by the user can be controlled.

The term document, as used herein, is any unit of information to be distributed or conveyed, such as letters, books, magazines, periodicals, newspapers, other documents, software, plug-ins, photographs, other images, audio video clips. And other multimedia presentations, but are not limited to these. The document may be recorded on a storage medium or any other known or future development medium or software, including compact discs (CDs), digital video discs (DVDs), laser discs, optical and magneto-optical media, and the like. The digital data may be embodied in a printed form on paper.

[0011] The systems and methods of the present invention provide integrity assurance and verification services.

The present invention separately provides a system and method for integrity assurance and verification services for a content consumption system environment.

The present invention also separately provides a system and method for determining an integrity profile.

The present invention additionally provides a system and method for verifying the integrity of one or more system environments.

The present invention also provides a system and method for managing integrity profiles, system and system component information.

The present invention additionally provides a system and method for performing an integrity check on a user system through the use of an integrity profile.

In particular, a content provider, such as a document publisher or distributor, initiates a request for an integrity profile. This request for integrity profile is forwarded to the integrity assurance and verification device. The integrity assurance and verification device may, for example, query the content consuming system / application provider who has been supplying various system components and / or applications to the user if there is no integrity profile for the requested applications and system components. You can do The content consuming system / application provider returns with integrity assurance and verifier authentication information about specific applications or system components. The authentication information enables a comparison or integrity verification between an application or system component on the user's system and the original application or system component distributed by the content consuming system / application provider.

The authentication information regarding system applications and components is stored in a component database. Profiles for content providers are stored in a profile database. As another alternative, the content consumption system / application provider can maintain a database of authentication information that can be passed directly to each database of integrity assurance and verification devices, without the need for integrity verification and assurance devices to determine the integrity profile. An integrity profile identifier (ID) is then returned to the content provider, corresponding to the specified integrity profile.

A content provider, such as a document distributor, provides the user with protected content, for example. The content provider delivers a protected version of the digital content to the user, including, for example, a license agreement and an integrity profile ID. The integrity profile ID includes, for example, the IDs of the applications and system components that are allowed to be used in conjunction with the protected content and the integrity profile for those systems / applications.

The integrity assurance and verification apparatus has authentication information from the content consuming system / application provider, for example, upon request of the user system, delivers an integrity profile to the user system. Using this integrity profile, integrity verification of the user system can be performed. Once it is determined that the components / applications of the user system can be authenticated, the user's applications and system access to the digital content provided by the content provider may be made, for example, in accordance with additional profile information.

However, it is necessary to recognize that integrity assurance does not need to be derived from a content provider. In contrast, a warranty request can be initiated, for example, by a software application embedded in profile ID information, which profile ID information is passed from the content provider to the user's system along with the protected content.

As an alternative, the content provider may also serve as an integrity verification and assurance system. In this case, the content provider performs the integrity assurance and verification service itself by collecting the appropriate authentication information and establishing an integrity profile for the content provider's own use.

Additionally, the content consuming application / system provider may also act as an integrity assurance and verification device. In this case, the content consuming application / system provider may supply an integrity profile, for example with associated applications and / or system components.

These and other features and advantages of the present invention will become apparent from the following detailed description of preferred embodiments.

The system and method of the present invention provide assurance and verification services for determining the integrity of a content consumption environment. Within such a system, an integrity assurance and verification device is introduced between one or more content providers and one or more content consumption systems and application providers. The integrity assurance and verification device obtains authentication information from the content consuming application and / or system providers. This authentication information allows the content provider to trust the environment in which the content is presented. Thus, based on the authentication information received from the content consuming application and the system provider, an integrity profile is created. This profile is then passed to the user's system to confirm that the user has not altered, altered or otherwise tampered with the digital content provided by the content provider.

1 shows an example system for performing integrity assurance and verification. In particular, the integrity assurance and verification system 100 includes an integrity assurance and verification apparatus 200, a content provider and / or distributor 300, a user system 400, a content consumption system / application provider 500, a component database ( 260 and profile database 270.

In an example operating environment, content consumption system / application provider 500 provides applications, systems, and / or software / hardware components to a user. User system 400 allows consumption of digital content, such as documents, supplied by content providers and distributors 300. In order to verify the integrity of the user system 400, the integrity assurance and verification device 200 may provide authentication information for the software / hardware components of the individual applications, system and / or content consumption system / application provider 500. Collect and register. With this authentication information, integrity assurance and verification device 200 determines and assures the system and / or system components based on the integrity profile of one or more applications, the service request 20 from its content provider 300. . This determined integrity profile 50 may be communicated to the user system 400 to determine the integrity of the user system 400.

In operation, the content provider and distributor 300 provide digital content, such as a document, to the user system 400. User system 400 has one or more system components, such as hardware components and / or various software applications. These applications and hardware / software components are usually obtained by the user from one or more content consumption system / application providers such as computer providers, software warehouses, application providers, and the like. These applications and hardware and software components are then assembled by the user or installed as dedicated, if not already assembled, in order to allow the user to consume content such as documents.

Thus, during the process of using applications and hardware / software of the user environment, the user may wish to view protected content such as a document. Thus, user 400 will request one or more documents, such as e-books, multimedia files, presentations, form templates, etc. from content provider 300. Upon receiving such a request, the content provider and distributor 300 may provide the requested content to the end user 400 with the profile ID 10 in a protected format. This profile ID 10 includes details, for example, in which application the protected content can be viewed and for example the degree to which the provided content can be manipulated within a particular software / hardware environment.

In addition, the content provider 300 may deliver the service request 20 to the integrity assurance and verification apparatus 200. The service request 20 includes, for example, a list of software applications that the component and / or content provider 300 wants to cause the user system 400 to consume the protected content that has been distributed. The integrity assurance and verification device 200 determines whether the component and applications / software identified in the service request have corresponding authentication information stored in the component database 260 and / or the profile database 270. If the integrity assurance and verification device did not have the authentication information specified in the service request 20, then the integrity assurance and verification device 200, from the providers 500 of one or more content consumption systems / applications, will be able to obtain the specific application, Authentication information regarding system hardware / software components and the like can be requested. With this authentication information, the integrity assurance and verification device 200 stores information related to applications and system components in the component database 260. Alternatively, integrity assurance and verification apparatus 200 may develop an integrity profile for one or more applications. With this information confirming the authenticity of applications, systems and system components, integrity assurance and verification device 200 forwards integrity profile 50 to user system 400. This integrity profile 50 is used to verify the authenticity of the system, system components, and / or applications of the user system 400. If it is determined that the user's system components and / or applications are true, the protected content 10 is unprotected so that the user system 400 sees the protected content or otherwise the integrity profile. The operation is performed according to.

FIG. 2 shows an overview of the components of the integrity assurance and verification environment 100 in accordance with an exemplary embodiment of the present invention. In particular, integrity assurance and verification environment 100 may include one or more content providers 300, one or more user systems 400, one or more integrity assurance and verification devices 200, and one or more content consumption system / application providers. Field 500 is provided.

The content provider 300 includes, for example, a controller 310, a memory 320, an input / output controller 330, and a content database 340. However, content provider 300 also needs to be aware that content may be distributed in a more traditional manner. For example, the content provider may distribute a compact disc (CD) containing the content. This CD may be delivered to the user, for example, via a postal delivery service. In general, any form of distribution and dissemination may work equally well with the systems and methods of the present invention.

Integrity assurance and verification device 200 is a controller 210, memory 220, input and output controller 230, digital signature device 240, component registration device 250, component database 260, A profile database 270, a profile generating device 280, a profile distribution device 290, and a profile verification device 295 are provided. The integrity assurance and verification device 200 provides the following services: component registration service and integrity profile service. The registration service allows applications, systems, and / or software / hardware components received from each provider to be registered as authorized, along with their intended features, purposes and / or actions, and the like.

An integrity profile service is provided to content providers to build and retrieve integrity profiles. An integrity profile is a document that can be optionally and digitally signed, which includes a set of registered system components that will consume verifiable information and the content of protected documents. Once an integrity profile is created, the ID of that integrity profile is returned to the content provider. The content provider will include a use license for the integrity profile ID and optionally the protected document. When the content of the protected documents is consumed and needs to perform local integrity verification of the user's system and environment, the integrity profile can be retrieved from the integrity assurance and verification device 200 to the user system.

The user system 400 includes a controller 410, a memory 420, an input / output controller 430, a storage device 440, an integrity authentication device 450, and a profile storage device 460. However, it should be appreciated that this exemplary user system is based on the model of the computer. However, the components of the user system may vary depending on the type of content being consumed, for example. In general, any user system with parts whose integrity can be verified will work equally well with the systems and methods of the present invention.

The content consumption system / application provider 500 may, for example, include a controller 510, a memory 520, an input / output controller 530, a registered application device 540, an application database 550, and a system database 560. Equipped. However, similar to the content provider 300, the content consumption system / application provider may take many different forms depending on the type of system and / or application provided by the content consumption system / application provider. For example, if content consumption system / application provider 500 supplies special hardware components, content consumption system / application provider 500 may not maintain application and system databases. Alternatively, the system / device component supplier may, for example, send authentication information directly to the integrity assurance and verification device 200, for example on a disk.

Alternatively, the content consumption system / application provider 500 may coordinate efforts with the content provider 300 to facilitate determination of the integrity profile. In general, a content consumption system / application provider may be any entity capable of supplying hardware or software and authentication information about it.

In this example embodiment, the content consumption system / application provider 500 appears to have various system components, while the content consumption system / application provider 500 is, for example, a computer distributor, software developer, software provider. You need to be aware that it can be a software distributor. Thus, the content consumption system / application provider 500 may supply devices and / or software to allow consumption of the content provided by the content provider 300.

The various components of the integrity assurance and verification environment 100 may communicate via a link 5 between them, the link being a wired or wireless link, or electronic data between the connected components. It can be any other known or later developed component that can be supplied. For example, the link 5 may be one or more distributed networks, which may be one or more integrity assurance and verification environments 100, or alternatively, one or more content providers 300, user systems 400, content. It may in turn be connected to the consumer systems / application providers 500 and to multiple instances of the integrity assurance and verification devices 200.

In an exemplary operating environment, content consumption system / application provider 500 supplies applications, software, and / or hardware to a user. These applications, software and / or hardware are used by a user to consume content such as viewing a document.

The content provider 300 distributes content, such as a document, to the user system 400, for example, at the request of a user located in the user system 400. In particular, one request may be received from the user system 400 by the content provider 300. This request is received via the input / output controller 330, which is processed by the controller 310 in cooperation with the memory 320 to retrieve the requested content from the content database 340. For example, the content provider 300 may be an online content provider, a bookstore, a software provider, or any other content provider who wishes to provide content to the user, such as a document.

When receiving a content request from user system 400, content provider 300 returns not only the requested content, but also additional information about the protected content to user system. Such additional information may include a profile ID. Alternatively, the additional information may contain, for example, information instructing the user system to request a profile, and thus integrity assurance, before enabling the content.

In addition, the additional information may identify which system components and / or hardware and / or software may be executed and / or used on the user's machine when viewing or interacting with the requested content.

Thus, one or more requested content, additional information, and profile ID are received by the user system 400 via the input / output controller 430, and the one or more memories 420 and storage in the direction of the controller 410. 440 is stored.

In one example embodiment, content provider 300 may initiate a service request 20, such as a request for an integrity profile from integrity assurance and verification device 260. The integrity assurance and verification device 260 receives a service request from the content provider 300 via the input / output controller 230 and in cooperation with the controller 210 and the memory 220.

As discussed above, the integrity assurance and verification apparatus 200 includes a component database 260 and a profile database 270. Component database 260 stores authentication information related to systems and system components that may be distributed by one or more content consumption system / application providers 500. Similarly, profile database 270 stores verifiable information and a set of registered system components that are intended to consume the content of a protected document for one or more individual content providers 300.

Thus, upon receiving a request for an integrity profile from the content provider 300, the integrity assurance and verification apparatus 200, with the help of the memory 220 in the direction of the controller 210, causes the component database 260. And the profile database 270 to determine whether authentication information corresponding to the information in the service request already exists.

As another alternative, the integrity assurance and verification apparatus 200 may perform an online verification service. The online verification service is provided for performing integrity verification online, such as in the integrity assurance and verification apparatus 200 in real time. To initiate this service, some software, called an integrity authenticator, is delivered to the user system 400. Integrity authenticators allow the gathering of local software and / or hardware components to be performed. Alternatively, the integrity authenticator may be a dedicated device, such as the integrity authentication device 450 illustrated in FIG. 2. The information collected about the local software and / or hardware components may be returned to the integrity assurance and verification device 200 along with the integrity profile ID to perform online integrity verification. The component registration apparatus 250 inspects a software / hardware component provided from each provider and stores ID information in the component database 260. Information relating to the software / hardware component may be hashed, for example, and the hash value may be used as authorized software / hardware information. However, it is to be appreciated that the information identifying each software / hardware component may be any known or later developed structure that takes into account the ID of the hardware and / or authorized portion of the software.

Registration of special software and / or hardware components is as follows. For example, the content consumption system / application provider 500 may communicate with an identification and certification verification device 200 to request a registration service, or alternatively, the identification and warranty verification device. 200 may communicate with content consumption system / application provider 500 to obtain authentication information. In this example, registered application device 540 cooperates with controller 510, memory 520, and input / output controller 530 to search for one or more application databases 550 and system database 560, eg, provider name. The application itself is secured as information or other alternative about specific software and / or hardware, including component IDs such as serial numbers, version numbers, build numbers, and the like.

For example, in one particular operating scenario, instead of obtaining authentication information from a particular content consumption system / application provider 500, integrity assurance and verification apparatus 200 may actually consume content such as, for example, a software program. A specific application from the system / application provider 500 may be requested. In this way, the integrity assurance and verification device 200 may not require authentication information, because the integrity assurance and verification device 200 may be required to directly access a particular software application from the content consumption system / application provider 500. This is because it can be secured.

The component registration apparatus 250 verifies the information of the component, and optionally calculates a hash value that can be used as the authentication software and / or hardware ID, for example. The component registration apparatus 250 then stores the component information and, for example, the hash value in the component database 260.

Alternatively, instead of sending software and / or hardware components to the registration application device 540, the content consuming system / application provider 500 may also connect to the component registration device 250 to register with the registration application. You can download the same small software application and have it run locally. This registration application examines the target software / hardware component and retrieves information related to the software / hardware component, including authentication information about the component, together with an integrity value, such as a hash value. Will be sent to the original component registration apparatus 250, which can be stored in.

As another alternative, the profile generator 280 builds integrity profiles for software. In particular, integrity values, such as hash values for each software, can be retrieved from the component database and stored. Also included in the profiles is an optional interaction relationship between the components. This relationship is used to identify the calling and returning order of the components to prevent unintended interaction with the other components. The content of the integrity profile is then digitally signed, for example, and the signature result is added to the integrity profile. Each integrity profile is associated with a unique ID.

FIG. 3 shows an example workflow of inputs, outputs, and services and actions provided by the integrity assurance and verification apparatus 200. In particular, the component ID, and optionally, meta information about a specific component, is transmitted to the component registration apparatus 250 for the component registration service. Component registration apparatus 250 registers, for example, a component with intended features, objects, and actions in a component database. Component device 250 then returns the registered component's ID to, for example, the content consuming system / application provider and makes that ID available to, for example, content provider 300.

Profile generation device 280 for generating a profile receives the ID of the registered components. The IDs of the registered components, if combined with the information about the relevant components, are digitally signed and stored in the profile database, if any. The integrity profile ID is returned to the requestor.

Similarly, profile distribution device 290 receives an integrity profile ID. The profile database 270 then receives a query to determine if an integrity profile corresponding to that integrity profile ID is available. If an integrity profile is available, the integrity profile is returned to the requestor. If not, the integrity profile can be determined with the help of profile generator 280.

The integrity verification apparatus 295 receives information identifying one or more components and an integrity profile ID. The profile verification apparatus determines the verification data by comparing the component IDs, the integrity profile ID, and the corresponding integrity file. If the profiles and components and IDs match, the integrity of the system is verified. Otherwise, the system is not specified in the integrity profile or has been altered in some way.

4 shows an example integrity profile. This example integrity profile can be generated by the integrity generator 280. In order to build an integrity profile for an authenticated content provider, a request is initiated to create an integrity profile. For example, the provider may contact the integrity assurance and verification device 200 to request the creation of an integrity profile. The provider then sends a list of names of software and / or hardware components to integrity assurance and verification apparatus 200. The profile generator 280 then retrieves the ID of each of the components, such as integrity or hash value, from the component database 260. The profile generator 280 then determines an integrity profile, which provides authentication information, such as the integrity or hash value of each of the components, with other information such as the integrity profile ID, version number, creation date, construction date, Content provider names, and optionally, together contain information such as interactions between any software and / or hardware components.

The profile generation device 280 delivers the determined integrity profile to the digital signer 240, after which the digital signer 240 can sign the content of the profile. Profile generator 280 then stores the signed profile in profile database 270 and returns the profile ID to content provider 300.

For example, when generating a usage license for the content of a protected document, the content provider 300 may optionally include its integrity profile ID in the usage license. On the user system 400, the integrity profile will be used to verify all software / hardware components in the paging stack. This ensures that sensitive information can only be consumed by authorized software / hardware components, or some combination thereof.

The profile distribution device 290 accepts a request to obtain integrity profiles and retrieves them from the profile database 270 and returns the integrity profile to each requestor. Similarly, profile verification device 295 accepts a request to verify user systems for one or more system environments. Profile verification device 295 gathers information about software / hardware components according to integrity profiles, verifies the information against the profiles, and returns the verification results to the requestors.

User system 400 has an integrity authentication device 450. The integrity authentication device 450 is executed at the top of a content consumption application, for example.

Thus, FIG. 5 shows an example system environment stack over user device 400 for verifying system integrity. In particular, the user system environment stack includes an integrity authenticator and one or more system components.

FIG. 6 shows an example of an environment stack, which includes an integrity authenticator, a plug-in, a rendering application, an operating system (OS), an operating system bootstrap (OS boot strap), and respective hardware. do.

In an exemplary operating environment, the integrity authentication device 450 contains its own encryption / decryption key pair and verification key of the ID guarantee and verification device. These keys are concealed and / or embedded in the integrity authenticator 400 as much as possible in view of aspects of the interference-resistance of the present invention. For those applications that require the use of a user's private information or that contain sensitive documents and data, the integrity authenticator 450 can use an associated integrity profile to load all software / hardware components on the call stack of the user's system environment. Can be verified

Integrity authentication device 450 will first verify the signature of the profile using the integrity assurance and verification device verification key. As illustrated in Figures 7-9, once the signature is verified, the integrity authenticator 450 examines the current call stack and uses each software / hardware component on the call stack that uses the information provided in the integrity profile. Start authenticating. The call stack is a contiguous block of memory consisting of memory images and the functions or procedures involved. The stack operates on the concept of last-in-first-out and the basic operations of the stacks are stack "push" and stack "pop". Pushes are used to store images on the stack to advance the top of the stack to some position. The pop is used to remove the data from the stack and restore the top of the stack to its previous position.

[0082] in the case of a call stack. The image of the function currently being executed is at the top of the stack. When the currently executing function calls or calls the next function, the memory image of the next function is pushed to the top of the call stack and the top of the call stack points to the image of the next function. Each part of the stacked images will contain an address or a return instruction after the called function finishes its execution.

10 illustrates how the execution environment is protected. In particular, to protect the Integrity Authenticator (IA), the execution of the IA is monitored by trusted applications that are part of the IA. A monitoring process, for example an application, can be a debugger or a special process that can prevent the IA from being monitored by any other process or application in the system. In some circumstances, when a processor can only be debugged by one process, the trusted monitoring program can run as a debugger. Since the monitoring program is a trusted application, the integrity of the monitoring program must be in the current integrity profile. Therefore, the IA will verify the integrity of the trusted application before loading and executing. The function of a trusted monitoring application prevents the IA from being monitored, controlled and captured by other processes. Another function of trusted monitoring applications is to monitor the current environment and determine if changes in the environment are effective. However, like the IA, a trusted monitoring application must also be protected and the IA will act as a monitor to prevent the trusted monitoring application from being monitored, captured and / or controlled by other applications. This double protection mechanism creates a closed system that prevents other applications from monitoring the execution of the integrity authenticator.

11 shows an example method of operation of the integrity assurance and verification device. In particular, control begins in step S100 and continues to step S110. In step S110, an integrity profile is determined. Next, in step S120, the integrity profile is guaranteed. Then, in step S130, the integrity profile is delivered to the user. Control continues to step S140.

In step S140, the integrity of the user system is verified. Next, in step S150, a determination is made as to whether the user system is eligible for authentication. If the user system is eligible for authentication, control continues to step S160 where the user is given access to the selected content. Otherwise, control jumps to step S170, where content access is denied or disabled. Control then continues to step S180, where the control sequence ends.

12 shows an exemplary method for registration of components / hardware and / or software in accordance with the present invention. Specifically, control begins in step S200 and continues to step 210. In step S210, the registration service is started. Next, in step S220, the component provider provides authentication information regarding a specific component / hardware and / or software. Then, in step S230, information about that particular component / hardware and / or software is verified. Control then continues to step S240.

In step S240, a determination is made as to whether the integrity value should be determined. If the integrity value should be determined, control passes to step S250 where the integrity value is determined. If not, control jumps to step S260 where authentication information regarding the component / hardware and / or software is stored.

Next, at step S270, a determination is made as to whether the integrity value should be stored. If the integrity value is to be stored, control continues to step S280 where the integrity value is stored. Otherwise, if the integrity value will not be stored, control jumps to step S290 where the control sequence ends.

13 shows an exemplary method of determining a profile according to the present invention. Specifically, control begins in step S300 and continues to step S310. In step S310 integrity profile determination is started. Next, in step S320, a name such as an ID of the component and / or hardware or software is obtained. Then, in step S330, an ID relating to the component / hardware or software is retrieved. Control then continues to step S340.

In step S340, the integrity profile is determined. Next, in step S350, the integrity profile is digitally signed. Then, in step S360 the digitally signed integrity profile is stored. Control then continues to step S370.

In step S370, the signed integrity profile is delivered to the requestor, such as a content consumption system / application provider. Control then continues to step S380, where the control sequence ends.

14 illustrates an example method for verifying the integrity of an integrity authenticator in accordance with an aspect of the present invention. Control begins in step S400 and continues to step S410. In step S410, the integrity of the integrity authenticator is verified. Next, a determination is made as to whether the integrity authenticator is valid at step S420. If the integrity authenticator is valid, control continues to step S430. Otherwise, control jumps to step S540.

In step S430, a tamper-resistant environment is established. Next, the integrity profile is verified in step S440. Then, in step S450, a determination is made as to whether the integrity profile is valid. If the integrity profile is valid, step S640 is reached. Otherwise, control jumps to step S540.

In step S460, the integrity profile is loaded. Next, in step S470, the call stack of the current execution environment is constructed as illustrated in relation to FIG. At the bottom of the call stack is a set of hardware and / or devices, with all the software components facing the top of the stack. The relationship of the components on the stack is that the lower component calls the component immediately above it. Once the call stack has been established, the top of the call stack containing the execution image of the last executed component is positioned. Thus, the executable image of each component on the stack helps to identify the calling component. Then, in step S480, the ID for calling the component is retrieved. Control then continues to step S490.

In step S490, the integrity of the component is verified against the integrity profile. Next, in step S500, a determination is made as to whether the component is valid. If the component is valid, control continues to step S510. Otherwise, control jumps to step S540.

In step S510, it is determined whether the stack is empty. If the stack is empty, control jumps to step S520. Otherwise, control jumps to step S530. In step S520, the next component in the stack is located and this next component is set as the current stack frame. Control then returns to step S480 for verification.

In step S530, the integrity is verified and control continues to step S550 where the control right is terminated.

In step S540, the integrity check fails and control continues to step S550 where the control sequence ends.

As illustrated in FIGS. 1-2, the integrity assurance and verification device is preferably executed on either a single program general purpose computer or a separate program general purpose computer. However, the integrity assurance and verification device may also be used for hard-wired devices such as special purpose computers, programmed microprocessors or microcontrollers and peripheral integrated circuit (IC) elements, ASICs, or other integrated circuits, digital signal processors, distributed element circuits. hard-wired) may be implemented on programmable logic devices such as electronic and logic circuits, PLA, PLD, FPGA, PAL, and the like. In general, any device capable of executing a finite state machine that can sequentially execute the flowcharts illustrated in FIGS. 11-14 can be used to implement the integrity assurance and verification device.

[0100] Furthermore, the disclosed methods can be executed in software using object or object-oriented software development techniques in an environment that provides portable source code that can be used on a variety of computer or workstation hardware platforms. Alternatively, the disclosed integrity assurance and verification device may be implemented, in part or in whole, in hardware using standard logic circuits or VLSI designs. Whether software or hardware is used to implement the systems and methods according to the invention depends upon the speed and / or efficiency requirements of the system, the special functions, and the particular hardware or software system or microprocessor or microcomputer system being used. Depends on However, the integrity assurance and verification apparatus and methods described above, along with general knowledge of computer technology, may be used to identify any known or later developed system or structure, apparatus, and / or techniques based upon the functional description set forth herein by those skilled in the art. It can also run on hardware or software that uses software that can be created without experimentation. Moreover, the disclosed methods may be willing to run on devices such as general purpose computers, special purpose computers, microprocessors, servers, etc., programmed as software. In this case, the methods and devices of the present invention are embedded in devices such as dedicated integrity assurance and verification devices, web browsers, web TV interfaces, PDA interfaces, multimedia presentation devices, etc., on personal computers or servers such as JAVA or CGI scripts. It can be run as an embedded routine, such as a resource residing on a server or graphics workstation as a routine. The integrity assurance and attestation device may also be implemented by physically integrating systems and methods to software and / or hardware system, such as a hardware and software system of a graphics workstation or a dedicated integrity assurance and verification device.

It is therefore evident, in accordance with the present invention, systems and methods for integrity verification have been provided. While the invention has been described in combination with the preferred embodiments, it is evident that many other alternatives, modifications and variations will be apparent to those skilled in the art. Applicants therefore intend to envision all such alternatives, modifications and variations that fall within the spirit and scope of the invention.

Claims (34)

An integrity assurance and verification device that stores authentication information about one or more applications, systems, or system components; And And an integrity profile used to determine the authenticity of the one or more applications, systems or system components. The apparatus of claim 1, further comprising a component registration device that defines an integrity profile from the authentication information, wherein the integrity profile includes at least one of verifiable information and an ID of registered applications, systems, or system components. Integrity assurance and verification system, characterized in that. 2. The integrity assurance and verification system of claim 1, further comprising a profile database that maintains an integrity profile and an identity of registered applications, systems, or system components. The profile of claim 1, wherein the profile verifies authenticity by comparing one or more application, system or system component IDs, the one or more applications, systems or system components, the integrity profile and the integrity profile identifier. Integrity assurance and verification system further comprising a verification device. The apparatus of claim 1, further comprising a registration application device that obtains authentication information about the one or more applications, systems or system components from a content consuming application, system or system component provider. Integrity assurance and verification system. 10. The system of claim 1, wherein the integrity profile includes an ID of system components that can be used in connection with one or more applications, systems, or distributed information. 2. The integrity assurance and verification system of Claim 1, further comprising a content provider for distributing information. 10. The system of claim 1, further comprising a content consuming application, system or system component provider. The integrity guarantee of claim 1, wherein if the profile verifier determines that the one or more applications, systems, or system components cannot be authenticated, access to one or more documents is disabled. And verification system. The method of claim 1, wherein the integrity profile is determined based on verifiable information regarding the one or more applications, systems or system components, and one or more authenticated content consuming applications, system or system components. Integrity assurance and verification system, further comprising a profile generating device. The integrity profile comprises: determining an integrity profile that allows determination of the authenticity of one or more applications, systems or system components; And Determining access rights to content based on the determination of certainty. 12. The method of claim 11, further comprising assuring said integrity profile. 12. The method of claim 11, further comprising verifying the authenticity of the one or more applications, systems or system components. The method of claim 11, wherein the access right includes at least one of accessible or inaccessible access to the content. 12. The method of claim 11, further comprising obtaining authentication information about at least one application, system or system component. 16. The method of claim 15, further comprising digitally signing the integrity profile. 16. The method of claim 15, further comprising communicating the digitally signed integrity profile to a content consumer. 12. The method of claim 11, further comprising verifying said integrity of an integrity authenticator. 19. The method of claim 18, further comprising establishing an interference resistance environment. 19. The method of claim 18, further comprising verifying the integrity profile. 19. The method of claim 18, further comprising a valid integrity profile. 19. The method of claim 18, wherein verifying the integrity of the integrity authenticator comprises establishing that the integrity authenticator is not at least monitored, controlled, or recorded. An information storage medium that stores information for integrity assurance and verification in a content consumption environment. The integrity profile, which determines an integrity profile, enables information to determine the authenticity of one or more applications, systems or system components; And And information for determining access right to the content based on the authenticity determination. 24. The information storage medium of claim 23, further comprising information for assuring said integrity profile. 24. The information storage medium of claim 23, further comprising information verifying the authenticity of the one or more applications, systems, or system components. 24. The information storage medium of claim 23, wherein the access right includes at least one of accessible or inaccessible access to the content. 24. The information storage medium of claim 23, comprising information for obtaining authentication information about at least one application, system, system component. 28. The information storage medium of claim 27, further comprising information digitally signing the integrity profile. 28. The information storage medium of claim 27, further comprising information for conveying the digitally signed integrity profile to a content consumer. 24. The information storage medium of claim 23, further comprising information for verifying the integrity of an integrity authenticator. 31. The information storage medium of claim 30, further comprising information for establishing an interference resistance environment. 31. The information storage medium of claim 30, further comprising information for verifying the integrity profile. 31. The information storage medium of claim 30, further comprising information loading a valid integrity profile. 31. The information storage medium of claim 30, wherein verifying the integrity of the integrity authenticator comprises information verifying that the integrity authenticator is not at least monitored, controlled or recorded.